openSUSE ; Initialization

2022.01.13

1. Disable SELinux

SELinux is a feature that provides a highly secure system architecture that prevents the concentration of privileges on root.
In openSUSE, it is disabled at the time of installation.
To check

# vi /etc/selinux/config
SELINUX=disabled

2. Use su command

Not required if you set the root password at the time of installation.
If you don’t want to set the root password, set it as follows
After logging in as a general user

lan@localhost:~> sudo passwd root

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for root:
New password:
Retype new password:
passwd: password updated successfully

lan@localhost:~> su –
Password:
localhost:~ #

3. Modernize the system

To bring the system up to date, enter the following command。

# zypper -n update reboot

4. Install locate

In many cases, the find command is used to search for a specific file on the entire Linux system.
The find option is somewhat confusing.
The locate command is capable of extracting all files with the specified file name

Install
# zypper -n install mlocate
Create a database
# updatedb
Example of executing the locate command
# locate sshd
etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/sysconfig/SuSEfirewall2.d/services/sshd
/etc/systemd/system/multi-user.target.wants/sshd.service
/usr/lib/systemd/system/sshd.service
/usr/lib/sysusers.d/sshd.conf
/usr/lib64/ruby/gems/2.5.0/gems/ruby-augeas-0.5.0/tests/root/etc/ssh/sshd_config
/usr/sbin/rcsshd
/usr/sbin/sshd
/usr/sbin/sshd-gen-keys-start
/usr/share/YaST2/scrconf/etc_ssh_sshd_config.scr
/usr/share/apparmor/extra-profiles/usr.sbin.sshd
/usr/share/augeas/lenses/dist/sshd.aug
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sshd.8.gz
/usr/share/vim/vim80/syntax/sshdconfig.vim
/var/lib/sshd

5. Services stopped for security measures.

Stopped and restarted services that were deemed unnecessary.
# systemctl stop atd.service
# disable atd.service
# systemctl stop auditd.service
# systemctl disable auditd.service
# systemctl stop mdmonitor.service
# systemctl disable mdmonitor.service
# systemctl stop smartd.service
# systemctl disable smartd.service
# systemctl stop tuned.service
# systemctl disable tuned.service
# systemctl stop dm-event.socket
# systemctl disable dm-event.socket

6. Network Settings

6.1 Host name setting

Change the hostname to Lepard to test it.

localhost:~ # hostnamectl set-hostname Lepard
localhost:~# reboot
lan@Lepard:~>

6.2 Fixed IP address setting

First, find out the name of your network interface with the following command
This time it is “eth0”.

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:aa:4e:15 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 192.168.11.84/24 brd 192.168.11.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feaa:4e15/64 scope link
valid_lft forever preferred_lft forever
Change the IP address of your server to “192.168.11.11”.
In most cases, the router address is something like “192.168.11.1” or “192.168.0.1.
We will use “192.168.11.1” as an example.
Lepard:~ # vi /etc/sysconfig/network/ifcfg-eth0
# Change as follows (replace IP address and other values with your own environment)
BOOTPROTO=’static’
BROADCAST=’192.168.11.255′
ETHTOOL_OPTIONS=”
IPADDR=’192.168.11.11′
MTU=”
NAME=”
NETMASK=’255.255.255.0′
NETWORK=’192.168.11.0′
REMOTE_IPADDR=”
STARTMODE=’auto’
DHCLIENT_SET_DEFAULT_ROUTE=’yes’
# vi /etc/sysconfig/network/config
# Line 182: Add your domain name. (To be added to the search line in resolv.conf)
NETCONFIG_DNS_STATIC_SEARCHLIST=”<your domain name.>”
# Line 195: DNS server settings to reference
NETCONFIG_DNS_STATIC_SERVERS=”192.168.11.1″
# vi /etc/sysconfig/network/routes
#Create New: Default Gateway Settings
default 192.168.11.1 – eth0

# reboot
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:aa:4e:15 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 192.168.11.11/24 brd 192.168.11.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feaa:4e15/64 scope link
valid_lft forever preferred_lft forever

6. IPv6 disablement

# vi /etc/default/grub
# Line 12: additional entry
GRUB_CMDLINE_LINUX=”ipv6.disable=1

# Reflect changes

# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file …
Found theme: /boot/grub2/themes/openSUSE/theme.txt
Found linux image: /boot/vmlinuz-5.3.18-150300.59.43-default
Found initrd image: /boot/initrd-5.3.18-150300.59.43-default
done

Go to top
タイトルとURLをコピーしました